CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart,” a name that encompasses its function and goal: a robot-administered test that verifies authentic users and weeds out evil bots that inject spam and harvest emails.

Since 2000, CAPTCHAs have been understood as annoying-but-bulletproof, but this understanding is being challenged today (at least the “bulletproof” part). One San Francisco-based startup has claimed to have created an algorithm that cracks CAPTCHAs with 90 percent accuracy. Google Maps’ clever street address-reading algorithm has beckoned the downfall of CAPTCHAs with 99.8 percent accuracy. The robots may be winning.

Traumatic CAPTCHA fails are an almost universal web experience, disrupting interactions like shopping, banking or sending messages.

Yet the need and desire for online security measures is only growing. Studies on purchasing and anonymity agree that users want and need privacy, and are willing to do something about it to avoid ending up like this guy.  So, right now, user authentication is both quite necessary and outdated CAPTCHAs prove a source of acute frustration, especially for those in UX. So many sites with an otherwise seamless user experience confront their customers or users with troubling, hard-to-decipher text or number codes. These CAPTCHAs can mean UX failure, breaking up user flow, and moreover can be impossible for those with disabilities or eyesight issues. These problems need to be addressed.

CAPTCHAs as Works of Art

An important and less discussed topic is how and with what attitude to approach a web dilemma such as this. While some focus mostly on what is wrong with the system, we would prefer to channel Winston Churchill who once wrote this: A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty.” Were he reincarnated as a UX designer, the former British Prime Minister and Nobel Laureate in literature, would seize this moment with opportunistic positivity, scoring a well-designed win for human users.

Spurred by the need for an alternative to warped-text CAPTCHAs on the basis of UX and security, folks around the globe are working furiously in the spirit of Churchill to forge more effective, smoother, better-looking, and even fun, CAPTCHA possibilities.

Ever since Gary Kasparov faced off against Deep Blue, has there been such a struggle to outwit robots. And this great struggle for decent web security measures (read: that don’t shit on the user) continues.

Here are 8 CAPTCHA Alternatives for Better UX

1. Sweet Captcha

Sweet Captcha bravely turns text CAPTCHA into a more interesting (alright, a little cutesy) game.

Matching categories and dragging items seems to require a specifically human intelligence, and adds a fun element to something once awful. That said, Sweet Captcha may be a good option for some, but definitely not all sites. One can imagine certain portfolios, personality-forward companies, kids sites and games that would benefit from this. This option will probably fall short for more serious-minded ventures. Also, with Sweet Captcha the impairment issue is not sufficiently addressed, though easier to decode than a nasty morphed-text CAPTCHA. Users will still have to visually decipher and manipulate images.

2. PlayThru

Get on the verified human whitelist. You are human, right?

As seen in this video, PlayThru uses a similar game element to Sweet Captcha in its human verification. Their matching games could be a genuinely enjoyable feature for some, and at the very least, a more interesting way to prove one’s humanity (a robot would totally consider that taxi to be food).

3. Biometric Security

Using data that is tied to your DNA for everyday online verification is hovering on the horizon, but it could prove instantaneously effective... and slightly creepy.

Your device probably has a camera and smart screen/trackpad, and developers want to leverage that fact for security. What is more you than your eyes, face, or fingerprint, right? Tapping into your body data will do much to limit the ability of spammers to create unlimited email accounts.

This is an exciting development, but still, there are valid concerns about theft, which is on a different level with DNA-specific data. As in, when someone steals your password, you make another. If someone steals your retinal or fingerprint pattern…rats.

4. Text Message Verification

Two-step authentication is effective for preventing hacks, although needing a second device isn't exactly stellar UX...

The security of mobile apps, especially gaming apps, is trying to catch up to the pack by relying increasingly on user’s cell phone numbers over more traditional User IDs and Passwords. One article even proclaims the death of passwords for gaming apps because of this new trend. This could signal a big change for security (assuming every user has a mobile number).

Text Message Verification, by involving personal devices tied to human-only accounts, solves the hacker issue. It also signals potential for more personality in the security process with messages that might speak to the individual user.

5. NuCaptcha

Some CAPTCHAs are harder to decipher than others. NuCaptcha makes it easy for users who behave like real-life humans.

In response to the UX problems of traditional CAPTCHAs, NuCaptcha’s home page asks: “How Much Is User Abandonment Costing Your Company?” Their Adaptive Authentication method tracks users’ activity. For instance, a user that is determined to behave like a spam bot receives a very challenging CAPTCHA, a more human-seeming user will receive a simpler one. Smart and simple, but a CAPTCHA nonetheless.

6. The Honeypot Method

Hidden fields trick bots into filling out items that humans can't see. We've used this here at Digital Telepathy on a few projects with success.

The Honeypot method tries to completely do away with interrupting the user workflow, something all other CAPTCHAs unfortunately do. The Honeypot method screens out bots by fooling them into auto-filling forms. These hidden-field forms are invisible to human users, so there is little risk of confusion. Problems arise with browsers that auto-fill without prompting the user (lookin’ at you, Safari), and for advanced bots that circumvent this.

7. Math Captcha

Turns out spam bots aren't so great at math. Simple questions like this can help curb spam while keeping UX satisfaction on the up-and-up.

Developers have found that responding to math questions can be among the most effective routes to verify authentic, non-robot users. With this WordPress plugin, Math Captcha, one can choose where your CAPTCHA will activate and there’s some interesting formats your CAPTCHA can take. For instance, you can choose simple math problems, word problems, or a high-level math headache. A welcome addition to CAPTCHA innovations.

8. Confident Captcha

How quickly can you recognize the bird in this picture? That's how quickly Confident Captcha can work!

Confident CAPTCHA is another image-based, human verification technique. It boasts 96 percent accuracy, which is pretty darn good, and it supposedly works twice as fast as traditional CAPTCHAs.

How it works, is that it shows you about nine unique images and then asks three questions about the images shown. For example, on my first try, it asked me to find the images of “beverage,” “money,” and “outer space” within the nine image selections. After I successfully found the right matching images, it confirmed that I am indeed a homosapien. Yay!

9. No CAPTCHA from reCAPTCHA

First, Google created an algorithm that can crack CAPTCHAs. Now they're changing the paradigm by tracking your data. Surprised?

Just over a year old, noCAPTCHA is the next step from the reCAPTCHA folks at Google. In fact, it ditches the whole premise of CAPTCHAs.

Their solution? Metrics. Tracking your user data will show whether or not a user is indeed human, and a simple checked-off box suffices. The user’s experience is that No CAPTCHA asks you  to check a box that states: “I’m not a robot.” After that’s done—boom, you’re all set. The responsive option is even easier. It shows you an image, let’s say of a cat, then it shows you a panel of images beneath the image of the cat. Find all the images related to your cat, (like kittens, tigers, lions, oh my!) and then it knows, yep, you’re a human.

Openness Powers a Better Experience

Open Authentication (OAuth) coordinates with your “third party” accounts (think Facebook, LinkedIn, Twitter) and verifies your identify through an existing profile, which requires authentication, such as a CAPTCHA, to create in the first place. The result of OAuth, as it is known to developers, is “secure delegated access,” and the trend is toward expansion.

Developers, like those formulating CAPTCHA alternatives, are turning web frustrations into design opportunities. This points to a more optimistic era in our UX. Designers, on the other hand, are always looking for ways to reduce friction in websites and applications. From fun, human, user verification tests, to companies turning their 404 screens into game changers, we see smart, easy sleekness (a trademark of good web design), as well as the incorporation of new technologies linked to our DNA, that make authentication and navigation more natural.

Modern consumers (and products) are done overlooking features that look bad or work poorly. Features that were once treacherous are becoming more intuitive, beautiful and memorable. Even though CAPTCHAs are getting better, the world is still full of design problems that provide many opportunities for an improved experience.

Comments
  • jamie3d

    I’ve always loved CAPTCHAs! (not filling them out, but the thought process behind them) My favorites are the No CAPTCHA and the regular old Honeypot method.

    It is worth noting however. If your issue is bots, a Honeypot will likely work well. However, if your issue is that someone hired folks on Amazon’s Mechanical Turk to fill forms on your site, (or a clever individual has written a form filler in PhantomJS) then the Honeypot will likely be ineffective. But it really works wonders for some situations!

  • Pingback: Tired of Getting Spam?Web Candy Website Design | Web Candy Website Design()

  • Pingback: Crean p | Pearltrees()

  • Nicole King

    One homo sapiens. Two homo spaiens. It’s invariant. Please correct.

    • Lauren Ventura

      Great catch, Nicole. Hope you enjoyed the article.

  • Great article! We’re excited to see more discussion around CAPTCHA innovation.

    While it’s a bummer we’re not on your list, our data is showing we’re consistently #1 for both conversions and security. Try us at https://funcaptcha.com/demo to get a feel for us.

    We’re striving to increase both of these areas through continual innovation (something CAPTCHAs have lacked) and this stems from discussions like the ones this article promotes. Again, great piece and we look forward to more like it.

  • Pingback: A la búsqueda del captcha perfecto - ddsign()

  • We used Google’s reCaptcha for a while because it seemed great at first. Most users just had to check a single checkbox or sometimes had to identify pictures. But then at some point many users – even those who where logged in with their Google account – started to get insane requests to copy/paste code into another field even AFTER the image part, which was the worst usability ever and we ditched the whole thing.

  • Pingback: Tweet Parade (no.34-2015) - Best Articles of Last Week | gonzoblog()

  • Gigi

    Hi, I just get to use this new generation captcha: you can see an example at http://www.goodbyecaptcha.com it works great but looks like something “is missing” as it use a different method: just very interesting and works!!!

  • You may want to rethink Sweet Captcha. They inject pop-up ads into your website. (Those nasty ones you can’t close unless you click the right “ok” button…)

  • Recaptch is famous now days with dual type of verification on this captcha nice list.

  • Pingback: 9 substitutes for CAPTCHA | 32dayz Blog()

  • Super-cool idea! Totally sharing this =)

  • Paul Dudink

    While I like the idea, this does not prevent bots to submit the form and does not replace a captcha. A bot can simply “submit the form” without sliding anything.
    The whole idea of a captcha is the fact that it can be verified serverside.
    The slidetosubmit would work if it would generate some kind of code and submit that along with the form which then can be verified by the server in order to know that the slide has been used. The code generated by the slider should not be guessable by the bot.

    • Makes a lot of sense, Paul – yes, there are definitely technical requirements that need to be considered in order to make a concept like this work, but we liked this idea as it makes verification a much more natural interaction from the user’s end.

  • Nastya

    I like your description